const express = require('express')
const path = require('path')
// Application instance that the route and listener below are attached to.
const app = express();

// Templates are looked up in ./views next to this file. They are plain .html
// files, but EJS does the rendering, so EJS tags inside them are evaluated.
const viewsDir = path.join(__dirname, 'views');
const renderWithEjs = require('ejs').renderFile;

app.set('views', viewsDir);
app.set('view engine', 'html');
app.engine('html', renderWithEjs);

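/**
 * HTML-escape a value so it is treated as text rather than markup.
 *
 * The earlier implementation assigned to `str[index]`. JavaScript strings are
 * immutable, so that assignment had no effect (it throws a TypeError in strict
 * mode) and the input came back unescaped. It also looked only at the first
 * '<' and '>', left '&' and quotes alone, and wrote the entities without the
 * terminating ';'.
 *
 * The result is only suitable for HTML text and quoted attribute values. It is
 * not an encoder for script, URL or CSS contexts. Do not apply it to a value
 * that the template escapes again, or the entities will be double-encoded.
 *
 * @param {*} str - Value to escape. null/undefined become ''; any other
 *   non-string is converted with String() first.
 * @returns {string} The value with & < > " ' replaced by HTML entities.
 */
function changeCode(str) {
    // Every character that can start markup or terminate a quoted attribute.
    const entities = {
        '&': '&amp;',
        '<': '&lt;',
        '>': '&gt;',
        '"': '&quot;',
        "'": '&#39;'
    }
    // A query value can be absent, so normalise before calling string methods.
    const text = str == null ? '' : String(str)
    // Global flag: replace every occurrence, not only the first one.
    const escaped = text.replace(/[&<>"']/g, (ch) => entities[ch])
    console.log(escaped);
    return escaped
}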

// GET / renders the `index` view.
//
// `xss` is copied from the query string as-is, so it is attacker-controlled.
// It is also not guaranteed to be a string: a repeated key yields an array.
// Nothing in this handler encodes it. Whether the page is safe therefore
// depends on the template, which is not visible here: EJS `<%= %>` HTML-escapes
// the value, while `<%- %>` writes it out raw.
const renderIndex = (req, res) => {
    const viewData = {
        title: 'Express',
        xss: req.query.xss
    };
    res.render('index', viewData);
};
app.get('/', renderIndex);

// No host is passed, so Node listens on all interfaces, not only loopback.
app.listen(3000);

// NOTE(review): looks like a sample value for the `xss` query parameter, kept for manual testing — confirm.
{/* <script>alert('You have been attacked')</script> */ }